Jump to content

    Windows Defender Application Control (Through SCCM)

    By Judical,
    Hello, I have enabled the feature in SCCM for "Windows Defender Application Control". For some reason I cannot get the policy to push to any machines. Any ideas on what the issue may be would be appreciated. -Judical

    Installing Endpoint Protection Site System Role SCCM 1806 on Server 2016

    By svariell,
    I'm currently troubleshooting the logs, but because my SCCM Primary is installed on Server 2016 and SCEP doesn't install.  How do we get this to work? Here's the messages I'm getting from looking at Site Components in the Console:
    Site Component Manager failed to install component SMS_ENDPOINT_PROTECTION_CONTROL_MANAGER on server & SCEPInstall.exe returns error 0x8004ff73.

    WindowsUpdate.log error messages

    By droidus,
    I am running SCCM on my 2016 windows server, and receive these errors in my windowsupdate.log file.  I have a WSUS service running on the SCCM server, and a GPO is defined to point to that.

    Failed to get DP Location

    By droidus,
    I am struggling as to why I am still getting this error.  I am deploying Software Center to my AD server.  Both servers run 2016.  I followed this tutorial: https://www.windows-noob.com/forums/topic/4428-using-sccm-2012-in-a-lab-part-3-configuring-discovery-and-boundaries/.  I did notice that under software library/packages, that the cm client package failed to distribute, so not sure if that's part of this, or that's a separate problem.  I've done some research, and people have said that you failed to define the DP.   Boundary Properties: Boundary Group Properties:

    SCCM Third party certificates for IBCM?

    By glen8,
    Hi Everyone, We have an SCCM CB IBCM server within our DMZ serving up updates for our internet based laptop users.  Today we ran an external vulnerability scan to health check the security of our network.  The report flagged up a red mark against our IBCM server due to not using third party certificates.  "Due to using an internally generated certificate the server is unable to verify it"  or words to that effect. I'm sure I'm correct in saying that each an every client much have a unique certificate for SCCM to work, and using a third party cert would be incredibly expensive if we had to purchase 100s of them for each client. Can someone please confirm the correct usage of certificates in an IBCM scenario please.  Should we be using third party certs, or carry on using the current internal ones.  Thanks!

    Store Apps

    By KeithDib,
    I have set up Store Apps on out 1709 environment and i am deploying OFFLINE apps I cannot however get the ONLINE apps to deploy from the store, I have moved the apps to the private store, assigned to myself as a test user, i have recieved the link emails from the store BUT when i follow the link i click to install and get 'There seems to be an error our end, try again later' been having same issue for a week.   can anyone help?   thanks

    SCCM 1806 currently logged on user not populating

    By kregina,
    We updated to SCCM1806 a few weeks ago, the clients have definitely updated to the newest version, but the currently logged on user column never populates. Any ideas?  

    Adding Custom GlobalCondition to a DeploymentType - powershell

    By Always,
    Hi WN I trying to add a custom Global Condition to a deployment type. But cant figure out how it done. and a big error so ?? if (!(Get-CMGlobalCondition -Name "Is user is logged on"))
        Remove-Item "$env:temp\Is_user_is_logged_on.ps1" -ea SilentlyContinue
        Add-Content -Encoding UTF8 "$env:temp\Is_user_is_logged_on.ps1" "[bool] (Get-Process explorer –ea 0)"
        New-CMGlobalCondition -Name "Is user is logged on" -Description "Check if an user is logged on" -DeviceType Windows -DataType Boolean -ScriptLanguage PowerShell -FilePath "$env:temp\Is_user_is_logged_on.ps1"
        Remove-Item "$env:temp\Is_user_is_logged_on.ps1" -ea SilentlyContinue
    } $ApplicationName = "Igor Pavlov 7-Zip 18.05 (x64 edition) V1"
    $condition = Get-CMGlobalCondition -Name "Is user is logged on"
    Set-CMDeploymentType -ApplicationName "$ApplicationName" -DeploymentTypeName "_Silent" -AddRequirement "$condition.Rule" console return: Cannot convert value "[SecurityVerbs(-1)]
    instance of SMS_GlobalCondition ...... ref: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/32636506-powershell-cmdlet-for-adding-global-conditions-as anyone done this before?

Portal by DevFuse · Based on IP.Board Portal by IPS